Data breach litigation: Mitigating risks in the Financial Services sector

19th November 2021

The curve

There is a marked increase in the volume of data breach claims being pursued by individual claimants and via proposed group/class actions.  This is likely to be partially related to a number of high profile group actions involving well-known brands/organisations, combined with the proactive recruitment of claimants by claims management firms.

The volume and sensitive nature of data held by firms operating within the Financial Services sector, including Alternative Lenders and any businesses advancing Consumer Credit, mean that data breach claims are a particular risk.

Quite apart from regulatory concerns and requirements, the fallout from a data leak can be devastating from a reputational perspective.

The trajectory

The claims follow an all-too familiar trajectory. A firm suffers a data breach relating to the personal data of its clients/customers/employees. Consumer-focused claims management firms then seek to sign up affected customers and prepare pre-action correspondence with a view to either putting pressure on firms to settle, or to issuing multiple claims for damages for breach of data protection legislation, breach of confidence, misuse of private information and negligence.  Many such claims are usually backed by conditional fee agreements and After the Event (ATE) insurance.

The answer

There are some proactive steps that Financial Services firms should take now:

Health Check.  We regularly carry out health check reviews of existing policies, procedures and training with a view to “future proofing” against claims of this nature.

Act Fast and Mitigate.  Ensure internal protocols and policies are implemented, monitored and followed. Where a breach has or is likely to arise, investigate quickly (maintaining records of any such investigation). Report breaches (or potential breaches) to your data protection team and involve specialist advisers as soon as possible, not least because a report may need to be made to the ICO. Taking quick action is not only a regulatory obligation, but may also prevent further loss and damage.

Talk to us.  The law in relation to data breach claims is developing apace [1].  Our team of commercial dispute resolution lawyers are highly experienced in resolving and robustly defending claims of this nature and are closely monitoring all key developments. This expertise, when combined with our specialist regulatory and compliance team’s understanding of the related regulatory matrix, ensures that an informed and robust strategy can be adopted if and when any Financial Services firm faces the threat of data breach litigation.

[1] See our [recent briefing hyperlink to Warren v DSG briefing], for example.